<div class="col-md-9">
	<?php
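		// Checkout handler: turns the visitor's cart rows (order_temp) into an order
		// (orders + order_detail), decrements stock and empties the cart.
		//
		// Every value that reaches SQL is bound as a statement parameter. The
		// previous version interpolated $_POST['kota'] unquoted and unfiltered into
		// the tariff query, and the session id and cart columns into the others.
		//
		// NOTE(review): no anti-CSRF token is verified in this block; confirm that
		// the including page or the form handler checks one before this runs.

		// Reuse a session that the including page may already have opened.
		if (session_status() !== PHP_SESSION_ACTIVE) {
			session_start();
		}
		$ses = isset($_SESSION['id_session']) ? $_SESSION['id_session'] : '';
		$id_member = isset($_SESSION['id_member']) ? $_SESSION['id_member'] : '';

		// Read one POST field as a string; missing or array-valued fields become ''.
		$post = function ($key) {
			return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
		};

		// NOTE(review): security() is defined outside this file. If it performs
		// SQL-style escaping (addslashes or similar), remove that part now that the
		// values are bound, otherwise literal backslashes end up in stored text.
		$nama = security($post('nama'));
		$alamat = security($post('alamat'));
		$telp = security($post('telp'));
		$email = security($post('email'));
		$kota = $post('kota');
		$kd_pos = security($post('pos'));
		$keterangan = security($post('keterangan'));

		// Prepare and execute one statement. Throws on failure so the caller behaves
		// the same whether the connection uses silent or exception error mode.
		$runQuery = function ($sql, $params) use ($koneksi) {
			$stmt = $koneksi->prepare($sql);
			if ($stmt === false || $stmt->execute($params) === false) {
				throw new RuntimeException('query failed');
			}
			return $stmt;
		};

		if (isset($_POST['submit'])) {
			$simpan = false;
			try {
				// The original compared id_kabupaten to $kota unquoted, so a numeric
				// key is assumed here; confirm against the schema.
				if (!ctype_digit($kota)) {
					throw new RuntimeException('invalid district id');
				}

				// Order header, detail rows, stock and cart cleanup succeed or fail together.
				$koneksi->beginTransaction();

				$tarif = $runQuery("select tarif from kabupaten where id_kabupaten = ?", [$kota]);
				$t = $tarif->fetch(PDO::FETCH_ASSOC);

				$jml = $runQuery("select sum(jumlah) as jml from order_temp where id_session = ?", [$ses]);
				$j = $jml->fetch(PDO::FETCH_ASSOC);

				// An unknown district or an empty cart would otherwise produce an
				// order with zero shipping cost and no detail rows (e.g. a replayed POST).
				if ($t === false || $j === false || $j['jml'] === null) {
					throw new RuntimeException('unknown district or empty cart');
				}
				$ongkir = $t['tarif'] * $j['jml'];

				// Order id = ddmmyy + 4-digit running number for the day.
				// NOTE(review): max()+1 is not safe under concurrent checkouts unless
				// id_orders is unique; a duplicate then fails the insert and rolls back.
				$tgl = date("dmy");
				$sttmt = $runQuery("SELECT max(id_orders) as maxID FROM orders where id_orders like ?", [$tgl . '%']);
				$hasil = $sttmt->fetch(PDO::FETCH_ASSOC);
				$idMax = (string) $hasil['maxID'];
				$noUrut = (int) substr($idMax, 6, 4) + 1;
				$kode = $tgl . sprintf("%04d", $noUrut);
				$tanggal = date("Y-m-d");
				// 24-hour clock: the former "h:i:s" had no AM/PM marker, so afternoon
				// orders were recorded with morning times.
				$jam = date("H:i:s");

				$runQuery(
					"insert into orders values (?,?,?,?,?,?,2,'',?,?,?,?,?,?)",
					[$kode, $id_member, $nama, $alamat, $telp, $email, $tanggal, $jam, $kota, $keterangan, $kd_pos, $ongkir]
				);

				// Read the whole cart first so the cursor is closed before rows are deleted.
				$temp = $runQuery("select * from order_temp where id_session = ?", [$ses]);
				foreach ($temp->fetchAll(PDO::FETCH_ASSOC) as $pindah) {
					$runQuery(
						"insert into order_detail (id_orders,id_produk,jumlah,id_ukuran,harga,diskon) values (?,?,?,?,?,?)",
						[$kode, $pindah['id_produk'], $pindah['jumlah'], $pindah['id_ukuran'], $pindah['harga'], $pindah['diskon']]
					);
					// NOTE(review): nothing here stops stok from going negative.
					$runQuery(
						"update stok set stok = stok - ? where id_produk = ? and id_ukuran = ?",
						[$pindah['jumlah'], $pindah['id_produk'], $pindah['id_ukuran']]
					);
					$runQuery("delete from order_temp where id_temp = ?", [$pindah['id_temp']]);
				}

				$koneksi->commit();
				$simpan = true;
			} catch (RuntimeException $e) {
				// PDOException extends RuntimeException, so driver errors land here too.
				if ($koneksi->inTransaction()) {
					$koneksi->rollBack();
				}
				// Keep database details in the server log, not in the response.
				error_log('checkout failed: ' . $e->getMessage());
			}

			$url_sukses = "index.php";
			if ($simpan) {
				echo "<script>\n";
				echo "\talert(\"Terima kasih telah melakukan pembelian, detail pembayaran telah kami kirim melalui email.\");\n";
				echo "</script>\n";
				echo "<meta http-equiv='refresh' content='0; url=$url_sukses'>";
				exit;
			} else {
				// Replaces mysql_error(): that function belongs to the removed mysql
				// extension, never reported PDO errors, and echoed DB internals.
				echo "Pesanan gagal diproses. Silakan coba lagi.";
			}
		}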
	?>
</div>